Today we released seven security bulletins addressing 34 CVEs. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
(win32k.sys and TTF font parsing)
Additional attack vector involves victim browsing to a malicious webpage that serves up a TTF font file, resulting in code execution as SYSTEM.
Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update.
(.NET Framework and Silverlight)
Unlikely to see widespread infection, as low-privileged users do not have permission to write to the root of the system drive by default.
- Jonathan Ness, MSRC Engineering